Is the initialization vector used to encrypt a block of data always static or dynamic? If it is dynamic, then I should send the IV along with the key to the recipient, right? This normally doesn't happen.

4 Answers
4

In block cipher algorithms the IV is not secret. Only the key is secret. Most of the time an IV is just a block of random data and is sent along with the enciphered message to the recipient. Actually the IV can be considered as an algorithm parameter.

Moreover, if an IV is used more than once, a weakness already comes up. Actually, the WEP scheme was broken so easily because the same IVs were used too often. So make sure your IVs are random and not used more than once. Given that a block cipher is at least 128 bits, a unique IV should not be a problem, as you can choose from 2^128 IVs.
– Henri Feb 3 '11 at 21:44

I'm not sure if it is the non-randomness which allows for a chosen plaintext attack or the non-uniqueness. Can you give some more info?
– Henri Feb 3 '11 at 21:46

@Jcs - your answer is not explicitly correct. The IV need not be secret, but it can be. See here for more info.
– hunter Sep 11 '13 at 11:46

The IV is not actually used to encrypt the data. It's used as the -1 block in chaining modes.

In certain modes of block ciphers, e.g. CBC, the cipher feeds the output of the previously encrypted block into the next block, usually by XORing it with the plaintext before encrypting the next block. This allows for additional diffusion, and prevents recognizing identical blocks of plain text.

But, what to do about that first block, where there is no "previous block" output that you can XOR with the first block?
This is where the IV comes in - it's basically unique, random data, not secret, that you can feed into the first block.
Again, this provides diffusion, both on the first block, and between sets of plain text - e.g. if you encrypt the same plaintext twice, you don't want it obvious from the ciphertext that they're identical.
Hence the need for the IV to be unique (at least different), and random.

And yes, the IV itself is not secret, and you definitely need to transmit it along with the ciphertext. Don't forget, it's supposed to be random per use.

The IV is dynamic. It's supposed to be different for every message you encrypt. (For some modes, the IV might be random; for others, it might be predictable but different for each message.)

The recipient needs to know the IV to decrypt. Depending upon the crypto library you use, you might or might not need to send the IV explicitly to the recipient. When encrypting a message, many crypto libraries include the IV as part of the ciphertext. In this case, if you call the crypto library to encrypt your message and transmit the resulting ciphertext to the recipient, the recipient will already obtain the IV. So, you might be sending the IV to the recipient without realizing you're doing it, because the crypto library helpfully bundled it into the ciphertext for you, to make your life easier.

In CBC mode, this makes the resulting cipher text much more predictable and susceptible to a dictionary attack. If it is used to encrypt multiple data streams, dictionary attacks are possible, given streams have a common beginning sequence.